Vulnerability Disclosure Policy
Responsible disclosure, made simple — no friction, no retaliation.
Teisoft welcomes good-faith reports that help improve the security of its public websites and platform.
Scope
In-scope assets should be listed explicitly, for example:
All other Teisoft or third-party systems are out of scope unless Teisoft confirms otherwise in writing.
Authorized research
Teisoft will treat research as authorized under this Policy when the researcher:
- Acts in good faith.
- Avoids privacy violations and service disruption.
- Tests only in-scope assets.
- Stops after establishing sufficient evidence.
- Does not retain or disclose customer data.
- Reports the issue promptly.
- Gives Teisoft reasonable time to investigate and remediate.
- Complies with applicable law.
Prohibited activities
Do not perform:
- Denial-of-service testing.
- Social engineering.
- Phishing.
- Physical testing.
- Malware deployment.
- Destructive testing.
- Mass automated scanning that degrades service.
- Access to customer accounts.
- Data exfiltration.
- Password attacks.
- Testing of third-party services.
- Public disclosure before coordination.
Reporting
Send reports to:
Include:
- Affected asset.
- Description.
- Reproduction steps.
- Potential impact.
- Supporting screenshots or requests.
- Suggested remediation, when available.
- Contact information.
Do not send sensitive credentials through ordinary email. Teisoft should publish a PGP key or secure submission form if encrypted submissions are supported.
Response
Teisoft will attempt to:
- Acknowledge valid reports within [3–5] business days.
- Review severity and scope.
- Maintain reasonable communication.
- Notify the reporter when remediation is completed or the issue is otherwise resolved.
These are response targets, not guaranteed service levels.
Safe harbor
When research complies with this Policy, Teisoft will not initiate legal action solely because of that research.
If a third party initiates action and the research complied with this Policy, Teisoft may clarify that the activity was conducted under this Policy where appropriate.
This safe harbor does not authorize violations of third-party rights or applicable law.
Rewards
Teisoft does not currently offer a monetary bug bounty unless a separate program states otherwise.